  • 1 安装bind9

    1 准备工作

    1 安装epel源
    yum install -y epel-release
    
    2 安装常用工具
    yum install -y wget net-tools telnet tree nmap sysstat lrzsz dos2unix bind-utils vim
    
    3 系统优化
    vi /etc/security/limits.conf
    追加
    * soft nofile 65535
    * hard nofile 65535
    
    4 在rstx4-201.rongbiz.cn安装Bind
    yum install -y bind
     rpm -qa bind
    

    配置bind

    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
    
    options {
    	// named binds only to 192.168.1.201 on port 53; no listen-on-v6 is set in this block.
    	listen-on port 53 { 192.168.1.201; };
    	directory 	"/var/named";
    	dump-file 	"/var/named/data/cache_dump.db";
    	statistics-file "/var/named/data/named_stats.txt";
    	memstatistics-file "/var/named/data/named_mem_stats.txt";
    	recursing-file  "/var/named/data/named.recursing";
    	secroots-file   "/var/named/data/named.secroots";
    	// NOTE(review): allow-query { any; } together with "recursion yes" below means every
    	// host that can reach 192.168.1.201 can use this server as a recursive resolver.
    	// If that address is not strictly internal, restrict recursion to the LAN with an ACL
    	// (e.g. allow-recursion { <internal-cidr>; };) as the ISC comment below advises.
    	allow-query     { any; };
    	// Queries this server cannot answer from its own zones are forwarded to 223.5.5.5.
            forwarders      { 223.5.5.5; };
    	/* 
    	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
    	   recursion. 
    	 - If your recursive DNS server has a public IP address, you MUST enable access 
    	   control to limit queries to your legitimate users. Failing to do so will
    	   cause your server to become part of large scale DNS amplification 
    	   attacks. Implementing BCP38 within your network would greatly
    	   reduce such attack surface 
    	*/
    	recursion yes;
    
    	dnssec-enable yes;
    	// NOTE(review): with validation off, answers obtained through the forwarder are
    	// accepted without DNSSEC verification; the tutorial turns it off to save resources.
    	dnssec-validation no;
    
    	/* Path to ISC DLV key */
    	bindkeys-file "/etc/named.root.key";
    
    	managed-keys-directory "/var/named/dynamic";
    
    	pid-file "/run/named/named.pid";
    	session-keyfile "/run/named/session.key";
    };
    
    
    
    [root@rstx4-201 ~]# vi /etc/named.conf			# BIND进程的工作属性,区域的定义
    13         listen-on port 53 { 192.168.1.111; };	# 监听本机IP
    14         listen-on-v6 port 53 { ::1; };		# 删除,不监听IPV6
    20         allow-query     { any; };			# 允许所有主机查询
    21         forwarders      { 192.168.1.1; };		# 办公网上一级的DNS
    33         recursion yes;				# dns采用递归的查询
    35         dnssec-enable no;				# 关闭,节省资源(生产可能不需要关闭)
    36         dnssec-validation no;			# 关闭,节省资源,不做互联网认证
    

    检查配置文件是否正确

    [root@rstx4-201 ~]# named-checkconf
    [root@rstx4-201 ~]# echo $?
    0
    

    配置区域配置文件
    [root@rstx4-201 ~]# vi /etc/named.rfc1912.zones

    最后添加

    // Both zones are primaries; their data files are relative to the "directory"
    // option in named.conf (/var/named).
    // NOTE(review): allow-update here is an IP-based ACL, so any process that can send
    // packets with source 192.168.1.201 may modify zone data. Outside a lab, key the ACL
    // with TSIG (allow-update { key <name>; };) or remove it if dynamic updates are unused.
    zone "rongbiz.cn" IN {
            type  master;
            file  "rongbiz.cn.zone";
            allow-update { 192.168.1.201; };
    };
    zone "host.com" IN {
            type  master;
            file  "host.com.zone";
            allow-update { 192.168.1.201; };
    };
    
    
    

    配置区域数据文件
    host.com

    cat /var/named/host.com.zone 
    $ORIGIN host.com.
    $TTL 600	; 10 minutes
    @   		IN SOA	dns.host.com. dnsadmin.host.com. (
    				2020122801 ; serial
    				10800      ; refresh (3 hours)
    				900        ; retry (15 minutes)
    				604800     ; expire (1 week)
    				86400      ; minimum (1 day)
    				)
    				NS   dns.host.com.
    $TTL 60	; 1 minute
    dns         A    192.168.1.201
    rstx4-201   A    192.168.1.201
    rstx4-202   A    192.168.1.202
    rstx4-203   A    192.168.1.203
    rstx4-204   A    192.168.1.204
    rstx4-205   A    192.168.1.205
    rstx4-214   A    192.168.1.214
    rstx4-240   A    192.168.1.240
    rstx4-241   A    192.168.1.241
    rstx4-53    A    192.168.1.53
    
    

    rongbiz.cn

    [root@rstx4-201 ~]# vi /var/named/rongbiz.cn.zone
    $ORIGIN rongbiz.cn.
    $TTL 600	; 10 minutes
    @   		IN SOA	dns.rongbiz.cn. dnsadmin.rongbiz.cn. (
    				2020071501 ; serial
    				10800      ; refresh (3 hours)
    				900        ; retry (15 minutes)
    				604800     ; expire (1 week)
    				86400      ; minimum (1 day)
    				)
    				NS   dns.rongbiz.cn.
    $TTL 60	; 1 minute
    dns         A    192.168.1.201
    rstx4-201   A    192.168.1.201
    rstx4-202   A    192.168.1.202
    rstx4-203   A    192.168.1.203
    rstx4-204   A    192.168.1.204
    rstx4-205   A    192.168.1.205
    rstx4-53    A    192.168.1.53
    

    检查配置文件是否正确

    [root@rstx4-201 named]# named-checkconf
    [root@rstx4-201 named]# echo $?
    0
    [root@rstx-201 ~]# dig -t A rstx4-214.host.com @192.168.1.201 +short
    192.168.1.214
    
    

    检测区域数据文件

    [root@rstx4-201 named]# named-checkzone "rongbiz.cn" /var/named/rongbiz.cn.zone 
    zone rongbiz.cn/IN: loaded serial 2020071501
    OK
    

    更改文件的属组,权限

    [root@rstx4-201 named]# chown root:named /var/named/host.com.zone 
    [root@rstx4-201 named]# chown root:named /var/named/rongbiz.cn.zone
    [root@rstx4-201 named]# chmod 640 /var/named/host.com.zone 
    [root@rstx4-201 named]# chmod 640 /var/named/rongbiz.cn.zone
    
    启动named
    [root@rstx4-201 named]# systemctl restart named
    [root@rstx4-201 named]# systemctl enable named
    
    查看启动端口
    [root@rstx4-201 named]# netstat -luntp | grep 53
    
    验证解析
    [root@rstx4-201 named]# dig -t A rstx4-201.rongbiz.cn @192.168.1.201 +short
    192.168.1.201
    [root@rstx4-201 named]# dig -t A rstx4-205.rongbiz.cn @192.168.1.201 +short
    192.168.1.205
    
    

    更改客户端dns

    # vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DNS1="192.168.1.201"
    [root@rstx4-201 named]# systemctl restart network
    
    [root@moban rpm-gpg]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search rongbiz.cn
    nameserver 192.168.1.201
    
    [root@rstx4-201 named]# ping rstx4-201.rongbiz.cn
    
    在/etc/resolv.conf的search行添加主机域host.com,以便使用短域名
    [root@rstx4-201 named]# cat /etc/resolv.conf 
    # Generated by NetworkManager
    search rongbiz.cn
    
    [root@rstx4-201 named]# ping rstx4-201
    
    更改所有主机的DNS,重启网卡
    # vi /etc/sysconfig/network-scripts/ifcfg-eth0
    DNS1="192.168.1.201"
    # systemctl restart network
    
    将虚拟机的网卡DNS也改成192.168.1.201	IPV4 -- 高级 -- 跃点改成20
    将本机的网卡DNS也改成192.168.1.201        IPV4 -- 高级 -- 跃点改成20
    
  • 原文地址:https://www.cnblogs.com/yangtao416/p/13306098.html